Free Access to ISACA.CISM.v2023-01-28.q301 with Valid Practice Test (Page 26)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISM Exam
ISACA.CISM.v2023-01-28.q301 Dumps

««
«
…
21
22
23
24
25
26
27
28
29
30
…
»
»»

Question 121

Which of the following is an example of a corrective control?

A.Diverting incoming traffic upon responding to the denial of service (DoS) attack
B.Filtering network traffic before entering an internal network from outside
C.Examining inbound network traffic for viruses
D.Logging inbound network traffic

Correct Answer: A

Section: INCIDENT MANAGEMENT AND RESPONSE
Explanation
Explanation:
Diverting incoming traffic corrects the situation and, therefore, is a corrective control. Choice B is a preventive control. Choices C and D are detective controls.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 122

In assessing risk, it is MOST essential to:

A.provide equal coverage for all asset types.
B.use benchmarking data from similar organizations.
C.consider both monetary value and likelihood of loss.
D.focus primarily on threats and recent business losses.

Correct Answer: C

Explanation
A risk analysis should take into account the potential financial impact and likelihood of a loss. It should not weigh all potential losses evenly, nor should it focus primarily on recent losses or losses experienced by similar firms. Although this is important supplementary information, it does not reflect the organization's real situation. Geography and other factors come into play as well.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 123

Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers?

A.Batch patches into frequent server updates
B.Initially load the patches on a test machine
C.Set up servers to automatically download patches
D.Automatically push all patches to the servers

Correct Answer: B

Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation:
Some patches can conflict with application code. For this reason, it is very important to first test all patches in a test environment to ensure that there are no conflicts with existing application systems. For this reason, choices C and D are incorrect as they advocate automatic updating. As for frequent server updates, this is an incomplete (vague) answer from the choices given.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 124

Senior management commitment and support for information security can BEST be obtained through presentations that:

A.use illustrative examples of successful attacks.
B.explain the technical risks to the organization.
C.evaluate the organization against best security practices.
D.tie security risks to key business objectives.

Correct Answer: D

Explanation/Reference:
Explanation:
Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 125

When granting a vendor remote access to a system, which of the following is the MOST important consideration?

A.Hard drive encryption
B.Session monitoring
C.Multi- factor authentication
D.Password hashing

Correct Answer: B

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
21
22
23
24
25
26
27
28
29
30
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISM.v2023-01-28.q301 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter